On blockchain networks like Litecoin and Zcash, peer-to-peer communications are carried out in a decentralized manner.
According to blockchain security firm Halborn, at least 280 more networks still contain the vulnerability it discovered in the open-source software of the Dogecoin network last year.
The researchers discovered a number of significant vulnerabilities in 2022 during an examination that might have been used by attackers to compromise the network. The vulnerabilities were then addressed and fixed by Dogecoin developers.
However later research by Halborn showed that such flaws existed in a number of other networks, including Litecoin and Zcash. According to Halborn, this might expose tokens worth more than $25 billion to security threats.
"Due to codebase differences between the networks not all the vulnerabilities are exploitable on all the networks, but at least one of them may be exploitable on each network. On vulnerable networks, a successful exploitation of the relevant vulnerability could lead to denial of service or remote code execution."
Halborn has dubbed the vulnerability "Rab13s." According to the researchers, the most severe weakness uncovered in the affected networks applies especially to the way peer-to-peer (p2p) connections are performed in these networks.
An attacker can shut down specific network nodes by sending them malicious consensus messages, leaving the entire system open to 51% attacks or other serious problems.
Halborn discovered a zero-day vulnerability that was specifically tied to Dogecoin, even though some of the flaws had already been discovered on the bitcoin network. This specific flaw involved Remote Procedure Call (RPC) services, which might let attackers remotely execute code and have an effect on specific miners.
Halborn attempted in good faith to get in touch with the impacted networks for appropriate disclosure in the interim. The potential of an attack is increased by the seriousness of the Rab13s vulnerabilities and the easiness of the p2p messaging protocols.
Halborn is withholding any further technical information or exploit details at this time owing to the severity of the vulnerabilities.
